Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using SAMBA with encrypted passwords

Posted on 1998-11-13
11
Medium Priority
?
309 Views
Last Modified: 2013-12-27
Hi there,

I installed samba 1.9.18p10 on a Solaris 2.6 system. I want to access it from a WinNT 4.0 wkst with SP3.

To do this (without having to change the way winnt negotiates passwords) I have to enable encrypted passwords in samba.

Now, as I understand there are primarily two ways:
1) Make a special samba-password file
2) Let another server/domain do the authentication

I want to use method (2), so I would like to just set "security=myserver.bla.bla", where myserver is my NT PDC.
Will this work or do I still need a samba password file. The documentation is a bit ambiguous in that respect ....

Excerpt:
"In this mode Samba will try to validate the
username/password by passing it to another SMB server, such
as an NT box. If this fails it will revert
to "security = user", but note that if encrypted passwords
have been negotiated then Samba cannot revert back to
checking the UNIX password file, it must have a valid
smbpasswd file to check users against."
^^^^^^^^^

If this should be a hard question, I am willing to give more points, but I am sure this should be a pretty standard-situation.

Greetings,

         os
0
Comment
Question by:os012897
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 3

Expert Comment

by:arunm
ID: 2007807
Im slightly confused, using this method what would happen if you attached a NT box that did not have sp3 ie. password encryption. Wouldnt it just be easier (but admittedly less secure!) to use the registry hack to stop NT (sp3) using encrpytion?
   
0
 
LVL 3

Author Comment

by:os012897
ID: 2007808
That is what I am doing right now, but I do not want to have it that way forever.

Basically I think as long as you have a user with identical UID on the NT and UNIX box it should work, as even NT before SP3 used password encryption. The difference is just, that pre-SP3 NT had a default fallback mode where it would also send passwords unencrypted if necessary, which after SP3 isn't the case anymore.

Greetings,

       os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007809
Due to the lack of responses, Im starting to wonder if what your asking will actually work?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:os012897
ID: 2007810
Well, maybe I should ask in the WInNT forum .....

os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007811
Good idea. Why not post a zero question there, indicating the problem and with the url of this thread.

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007812
that should read- zero point question.

0
 
LVL 1

Expert Comment

by:kuehn
ID: 2007813
Have you tried to setup an Wins server? Samba needs wins. Without no login.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007814
Hi kuehn,

I do not have Wins, but I CAN use the shares from the unix-machine. The problem is just, that I cannot use encrypted passwords (SP3) at the moment, see original question.

Greetings,

      os

0
 
LVL 2

Expert Comment

by:cwalter
ID: 2007815
You have 2 things you need to accomplish.

1. Make sure you have something similiar to the following in your smb.conf file:

[global]
   server string = Solaris SMB Server
   local master = no
   preferred master = no
   wins server = wins.domain.com
   domain master = no
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes
   guest account = pcguest
   security = server
   password server = pdc.domain.com    

2. Setup your smbpasswd file with usernames and passwds which match your NT usernames and passwds.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007816
Thanx cwalter,

First off, you will get your points, I would just like to have two things clarified first:

1) I am NOT using wins, is that a problem?
2) What is the smbpasswd good for? Can't I go without one?


Greetings,

          os

0
 
LVL 2

Accepted Solution

by:
cwalter earned 200 total points
ID: 2007817
You don't really need WINS, it is nice to have running, if nothing else your Unix machine could do it. If you don't have WINS running you need to have the NT name match the IP name. So if your PDC is called pdc in NT then the IP name would be pdc.domain.com.

smppasswd is kinda working as a key. Username to encrypted password and vice versa. This way Unix can match the username to the encrypted password which NT expects.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question